The 23andMe hack affected millions of customers: company faces class-action lawsuits

23andMe confirms leak of DNA data of 7 million customers, affecting finances and leading to legal suits

Boxes of 23andMe DNA Tests
Boxes of 23andMe DNA Tests / Leon Brocard, CC BY 2.0 DEED

The genetic research firm 23andMe confirmed that as a result of a cyberattack, confidential DNA information of approximately 7 million of its users was compromised. This security breach, which occurred in early October, was significant, affecting nearly half of the company's 14 million customers.

The hackers responsible for this attack gained access not only to the personal data of about 14 thousand users but also to a large volume of files containing detailed information on the origins and ancestry of other company clients.

23andMe reported that the cyberattack compromised the data of nearly 7 million users, which is almost half of their total number. This occurred due to a feature on their platform that allows users connected by DNA to find each other.

Additionally, about 1.4 million people who used this feature were also affected, as hackers gained access to their family tree information. This data includes names, familial relations, birth years, and other personal information. In its statement, 23andMe clarified that the hackers, violating the terms of service, gained unauthorized access to user accounts and extracted information from there.

Advertisement

Two months ago, Wired magazine reported that a sample of user data from the 23andMe database was published on the popular hacker forum BreachForums. This data included information on a million Ashkenazi Jews, as well as, apparently, on hundreds of thousands of people of Chinese descent. Following this, hackers began selling access to 23andMe accounts for a price ranging from 1 to 10 dollars, providing information including details of users' genetic origins.

Data on 4 million users were later published, including information on people from the UK and some of the wealthiest residents of the US and Western Europe. TechCrunch, analyzing the leak, confirmed that some of the data matched genetic information already published online, suggesting that it indeed could belong to 23andMe.

It is presumed that the leak occurred due to clients using the same passwords that had already been involved in other data breaches. This allowed hackers to use the "credential stuffing" method to access accounts.

Currently, the 23andMe DNA test is being sold at a 50% discount.

23andMe expressed concerns that the hack could negatively impact their financial performance during the fiscal year ending March 31, 2024. This assumption is based on the potential direct and indirect consequences of the incident.

Advertisement

Additionally, as a result of this hack, several class-action lawsuits have been initiated against 23andMe. The lawsuits have been filed in federal and state courts in California and Illinois, as well as in the courts of the Canadian provinces of Ontario and British Columbia. The legal proceedings are currently in the preliminary stages, and the company states that it cannot predict their outcome.

What 23andMe Does

23andMe is an American private company specializing in biotechnology and genetic research. Founded in 2006, it has since established itself as one of the leading companies in the field of personalized medicine and personal genetic testing.

Consumer Genetic Tests: 23andMe offers direct genetic testing to consumers. This means that people can order a DNA sample collection kit (usually saliva), send it back to the company's laboratory, and then receive various information about their genetic makeup, including origins, predisposition to certain diseases, and personality traits.

Information on Ancestry and Relatives: One of the most popular services of 23andMe is providing information about genetic origins and potential familial connections. Users can learn about their ancestors, ethnic origins, and even find distant relatives who have also undergone testing through 23andMe.

Health and Diseases: The company provides information about genetic predispositions to various diseases and conditions, as well as how the body reacts to certain medications. This can help people better understand their risks and make more informed decisions about their health and lifestyle.

Advertisement
Reminder:

Comments
Read also